MAC flooding

MAC flooding is a computer network enumeration and footprinting technique (attack) that involves the spoofing of a network interface's unique MAC address. The technique targets the limited ability of network switches to store MAC address-to-physical port mappings internally. By flooding a switch with packets containing different source MAC addresses, the attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast on all ports. This allows the attacking computer to "see" all legitimate network traffic routed through the affected switch. This visible traffic allows the attacker to gather information about network topology, domain services and individual machines that would otherwise be hidden by the switch.